[jitsi-dev] Dependency versions


#1

Hey everyone,

We just finished switching to fixed versions for our maven dependencies. We don't depend on -SNAPSHOT anywhere anymore. Future builds will be reproducible by checking out the corresponding commit (marked by a git tag) and running maven. The specific versions of the dependencies are also included in our debian and .zip packages (in the names of the jar files in lib/).

Updating the dependency versions is currently done manually by editing pom.xml. In order to catch problems as soon as they are introduced we want to keep all versions updated. Please consider updating all dependent projects after an update to a dependency.

In order to switch back to using a -SNAPSHOT for a particular dependency (e.g. while developing), edit pom.xml and replace the version:

      <dependency>
        <groupId>${project.groupId}</groupId>
        <artifactId>libjitsi</artifactId>
- <version>1.0-20160202.214638-87</version>
+ <version>1.0-SNAPSHOT</version>

Regards,
Boris


#2

awesome, nice work!

···

On Wed, Feb 3, 2016 at 11:55 AM, Boris Grozev <boris@jitsi.org> wrote:

Hey everyone,

We just finished switching to fixed versions for our maven dependencies.
We don't depend on -SNAPSHOT anywhere anymore. Future builds will be
reproducible by checking out the corresponding commit (marked by a git tag)
and running maven. The specific versions of the dependencies are also
included in our debian and .zip packages (in the names of the jar files in
lib/).

Updating the dependency versions is currently done manually by editing
pom.xml. In order to catch problems as soon as they are introduced we want
to keep all versions updated. Please consider updating all dependent
projects after an update to a dependency.

In order to switch back to using a -SNAPSHOT for a particular dependency
(e.g. while developing), edit pom.xml and replace the version:

     <dependency>
       <groupId>${project.groupId}</groupId>
       <artifactId>libjitsi</artifactId>
- <version>1.0-20160202.214638-87</version>
+ <version>1.0-SNAPSHOT</version>

Regards,
Boris

_______________________________________________
dev mailing list
dev@jitsi.org
Unsubscribe instructions and other list options:
http://lists.jitsi.org/mailman/listinfo/dev


#3

My installed solution now only works on Firefox. Video and Audio For Chrome and OPera wouldn't come on when I come on the solution.
I have been on this for long and even just did a re-install of everything to be sure everything is fine but still thesame issue.
Did some test and suspected somethings: Could it be that its because I don't have SSL in my server, thats why the browsers are being creepy funny to me?
Please help, thanks guys
Abayomi


#4

Hi Boris,

···

2016-02-03 21:34 GMT+01:00 Brian Baldino <brian@highfive.com>:

awesome, nice work!

On Wed, Feb 3, 2016 at 11:55 AM, Boris Grozev <boris@jitsi.org> wrote:

Hey everyone,

We just finished switching to fixed versions for our maven dependencies.
We don't depend on -SNAPSHOT anywhere anymore. Future builds will be
reproducible by checking out the corresponding commit (marked by a git tag)
and running maven. The specific versions of the dependencies are also
included in our debian and .zip packages (in the names of the jar files in
lib/).

Updating the dependency versions is currently done manually by editing
pom.xml. In order to catch problems as soon as they are introduced we want
to keep all versions updated. Please consider updating all dependent
projects after an update to a dependency.

In order to switch back to using a -SNAPSHOT for a particular dependency
(e.g. while developing), edit pom.xml and replace the version:

     <dependency>
       <groupId>${project.groupId}</groupId>
       <artifactId>libjitsi</artifactId>
- <version>1.0-20160202.214638-87</version>
+ <version>1.0-SNAPSHOT</version>

Regards,
Boris

Shouldn't the fixed version only go into jitsi-universe pom, and the other
projects use fixed version of jitsi-universe ?

Also are you interested in PR updating dependencies (like bouncycastle), or
are planning to do it soon (and just lacking time)?

Regards
Etienne


#5

Yes, you should see that in the console as well: "getUserMedia() no longer works on insecure origins. To use this feature, you should consider switching your application to a secure origin, such as HTTPS. See https://goo.gl/rStTGz for more details."

Boris

···

On 03/02/16 14:07, Abayomi Bamiwo wrote:

My installed solution now only works on Firefox. Video and Audio For
Chrome and OPera wouldn't come on when I come on the solution.

I have been on this for long and even just did a re-install of
everything to be sure everything is fine but still thesame issue.

Did some test and suspected somethings: Could it be that its because I
don't have SSL in my server, thats why the browsers are being creepy
funny to me?


#6

Hi Etienne,

Hi Boris,

2016-02-03 21:34 GMT+01:00 Brian Baldino <brian@highfive.com
<mailto:brian@highfive.com>>:

[snip]

Shouldn't the fixed version only go into jitsi-universe pom, and the
other projects use fixed version of jitsi-universe ?

This approach has two disadvantage:
1. One more step in the process of updating.
2. If a project has not been updated for a while, updating the version of its parent to the latest jitsi-universe will result in many dependencies changing versions.

These are solvable, but they were the motivation of the decision to go this way. Feedback is of course welcome.

Also are you interested in PR updating dependencies (like bouncycastle),
or are planning to do it soon (and just lacking time)?

I don't think PRs will help here. The actual update is easy, and the time-consuming part is making sure everything still works afterwards.

AFAIK going back to the upstream version of bouncycastle is on the radar.

Regards,
Boris

···

On 04/02/16 07:32, Etienne Champetier wrote:


#7

I can verify this, if you want to test / develop your solution without
deploying it to a server configured for SSL, you have to use localhost. It
would have been nice for the-powers-that-be to at least include private
network IP addresses for non-secure testing purposes.

Paul

···

On Wed, Feb 3, 2016 at 8:28 PM Boris Grozev <boris@jitsi.org> wrote:

On 03/02/16 14:07, Abayomi Bamiwo wrote:
> My installed solution now only works on Firefox. Video and Audio For
> Chrome and OPera wouldn't come on when I come on the solution.
>
> I have been on this for long and even just did a re-install of
> everything to be sure everything is fine but still thesame issue.
>
> Did some test and suspected somethings: Could it be that its because I
> don't have SSL in my server, thats why the browsers are being creepy
> funny to me?

Yes, you should see that in the console as well: "getUserMedia() no
longer works on insecure origins. To use this feature, you should
consider switching your application to a secure origin, such as HTTPS.
See https://goo.gl/rStTGz for more details."

Boris

_______________________________________________
dev mailing list
dev@jitsi.org
Unsubscribe instructions and other list options:
http://lists.jitsi.org/mailman/listinfo/dev


#8

Hi Boris,

Hi Etienne,

Hi Boris,

2016-02-03 21:34 GMT+01:00 Brian Baldino <brian@highfive.com
<mailto:brian@highfive.com>>:

[snip]

Shouldn't the fixed version only go into jitsi-universe pom, and the
other projects use fixed version of jitsi-universe ?

This approach has two disadvantage:
1. One more step in the process of updating.

i didn't had time to test
https://danielflower.github.io/2015/03/08/The-Multi-Module-Maven-Release-Plugin-for-Git.html
but we really need to find a way to do automatic releases, with dependency
management
(a libjitsi commit should trigger libjitsi, jvb, jicofo, etc releases)

2. If a project has not been updated for a while, updating the version of
its parent to the latest jitsi-universe will result in many dependencies
changing versions.

That's the point, you will keep using old version of dependencies instead
of going forward

These are solvable, but they were the motivation of the decision to go
this way. Feedback is of course welcome.

Also are you interested in PR updating dependencies (like bouncycastle),
or are planning to do it soon (and just lacking time)?

I don't think PRs will help here. The actual update is easy, and the
time-consuming part is making sure everything still works afterwards.

AFAIK going back to the upstream version of bouncycastle is on the radar.

cool, i'm using 1.54 and it's working fine for me
only build failure is with libjitsi, see
https://github.com/jitsi/libjitsi/pull/72

···

2016-02-04 16:37 GMT+01:00 Boris Grozev <boris@jitsi.org>:

On 04/02/16 07:32, Etienne Champetier wrote:

Regards,
Boris


#9

Thanks so much Boris. Will do that Today

···

From: Boris Grozev <boris@jitsi.org>
To: Abayomi Bamiwo <baa_yoo@yahoo.com>; Jitsi Developers <dev@jitsi.org>
Sent: Wednesday, February 3, 2016 5:27 PM
Subject: Re: [jitsi-dev] CHROME AND OPERA BEING FUNNY
   
On 03/02/16 14:07, Abayomi Bamiwo wrote:

My installed solution now only works on Firefox. Video and Audio For
Chrome and OPera wouldn't come on when I come on the solution.

I have been on this for long and even just did a re-install of
everything to be sure everything is fine but still thesame issue.

Did some test and suspected somethings: Could it be that its because I
don't have SSL in my server, thats why the browsers are being creepy
funny to me?

Yes, you should see that in the console as well: "getUserMedia() no
longer works on insecure origins. To use this feature, you should
consider switching your application to a secure origin, such as HTTPS.
See https://goo.gl/rStTGz for more details."

Boris